Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Russian cybercriminals are hijacking domain names — with thousands of sites already taken over

DNS.

Cybersecurity researchers from Infoblox and Eclypsium have discovered a critical vulnerability within the Domain Name System (DNS) that is currently being exploited by Russian cybercriminals to take over legitimate websites.

Dubbed the ‘Sitting Ducks’ attack, the method is being used by more than a dozen Russian-affiliated threat actors to hijack domain names.

The issue, first noted in 2016, has seen a resurgence this year, and since its rediscovery, the two companies have collaborated with law enforcement and national Computer Emergency Response Teams (CERTs).

Sitting Duck attacks are on the rise

The Sitting Ducks attack targets DNS providers through a combination of lame delegation and insufficient validation of domain ownership, allowing attackers to claim domains at DNS providers without needing access to the legitimate owner’s account.

The research highlights the alarmingly common nature of exploitable domains, with more than one million vulnerable targets on any given day.

Moreover, the researchers say that the method is easy to perform and difficult to detect, but importantly for potential victims, it’s also entirely preventable.

After hijacking a currently registered domain by exploiting vulnerable DNS providers, an attacker can conduct a range of malicious activities, including malware delivery, phishing campaigns, brand impersonation and data exfiltration.

For the most part, the attack remains largely unknown and is harder to detect than other domain-hijacking methods like dangling CNAMEs.

Recommendations for preventing the Sitting Ducks attack include ensuring DNS providers require domain ownership verification and monitoring for lame delegations.

Furthermore, Infoblox and Eclypsium are to present their findings and further details at the upcoming BlackHat conference, offering an opportunity for the cybersecurity community to address the threat.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.